<html><head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
</head><body style="color: rgb(0, 0, 0); background-color: rgb(255, 255,
255);" bgcolor="#FFFFFF" text="#000000"><span>Hi David,<br>
<br>
Your attached sample certificate and private key (1024 bit RSA) work
fine.<br>
I am reading it with <span>PEM_read_PrivateKey( fp, &key, NULL,
NULL)</span>, and also<br>
PEM_read_bio_PrivateKey(pkeybio, NULL, 0, NULL) works.<br>
<br>
If you could post the code or code fragment that creates the problem?<br>
<span>d2i_RSAPrivateKey() is not reading PEM</span>, just making sure...<br>
<br>
Best wishes,<br>
Frank Migge<br>
</span><br>
<br>
<blockquote style="border: 0px none;"
cite="mid:D9DE1273-C93F-4AFD-9645-9DD7DF328E73@akamai.com" type="cite"><div
style="margin:30px 25px 10px 25px;" class="__pbConvHr"><div
style="display:table;width:100%;border-top:1px solid
#EDEEF0;padding-top:5px"> <div
style="display:table-cell;vertical-align:middle;padding-right:6px;"><img
photoaddress="dlobron@akamai.com" photoname="David Lobron"
src="cid:part1.06050208.07040507@frank4dd.com"
name="compose-unknown-contact.jpg" height="25px" width="25px"></div> <div
style="display:table-cell;white-space:nowrap;vertical-align:middle;width:100%">
<a moz-do-not-send="true" href="mailto:dlobron@akamai.com"
style="color:#737F92
!important;padding-right:6px;font-weight:bold;text-decoration:none
!important;">David Lobron</a></div> <div
style="display:table-cell;white-space:nowrap;vertical-align:middle;">
<font color="#9FA2A5"><span style="padding-left:6px">Saturday, October
10, 2015 12:33 AM</span></font></div></div></div>
<div style="color:#888888;margin-left:24px;margin-right:24px;"
__pbrmquotes="true" class="__pbConvBody"><div>Hello openssl people,<br><br>I
am trying to read a private key of a certificate into memory using
d2i_RSAPrivateKey. I'm able to read the certificate without a problem,
but when I pass the private key to d2i_RSAPrivateKey, it fails to parse.
I do not see an error message or errno being set - d2i_RSAPrivateKey
simply returns NULL. I've generated a self-signed cert which reproduces
the problem, and I've attached it to this message (this is a throwaway
cert, not in use for anything, so I'm knowingly sending the private
key). The command I used to generate this cert and its key was:<br><br>openssl
req -x509 -newkey rsa:1024 -keyout key.pem -out cert.pem -days 36500
-nodes -outform PEM<br><br>I have another cert where the private key
*is* parseable by d2i_RSAPrivateKey. I printed out both certs from the
command line, and compared them. They appear almost identical. The
only difference I see is that when I print the attached unparseable
cert, the Signature Algorithm section has 8 lines of hex. In the
parseable cert, I see 15 lines of hex. Both certs use
sha1WithRSAEncryption as the algorithm, with 1024 bits.<br><br>Can
anyone help me understand why the private key in the attached cert is
not readable by d2i_RSAPrivateKey? I'm running these tests on a Mac,
but the same thing happens on Ubuntu Linux.<br><br>Thank you,<br><br>David<br><br>Printout
of the attached cert, which fails to parse with d2i_RSAPrivateKey:<br><br>MacBook-Air:self_signed
dlobron$ openssl x509 -in cert.1024.combined -text -noout<br>Certificate:<br>
Data:<br> Version: 3 (0x2)<br> Serial Number:
17702003413458844255 (0xf5aa2650b7f77a5f)<br> Signature Algorithm:
sha1WithRSAEncryption<br> Issuer: C=US, ST=Massachusetts,
L=Cambridge, O=Akamai Technologies, OU=KMI,
CN=akamai.normandy_authority.client_gateway_ca.1/emailAddress=dlobron@akamai.com<br>
Validity<br> Not Before: Oct 8 15:47:30 2015 GMT<br>
Not After : Jan 16 15:47:30 2016 GMT<br> Subject:
C=US, ST=Massachusetts, L=Cambridge, O=Akamai Technologies, OU=KMI,
CN=akamai.normandy_authority.client_gateway_ca.1/emailAddress=dlobron@akamai.com<br>
Subject Public Key Info:<br> Public Key Algorithm:
rsaEncryption<br> Public-Key: (1024 bit)<br>
Modulus:<br>
00:c2:33:df:d8:cb:c9:6e:a4:98:f0:b7:b1:06:51:<br>
77:f8:6c:36:4b:f3:ab:fc:09:ab:98:13:d5:0a:03:<br>
63:31:c4:ce:6f:02:12:b5:c4:4c:83:17:39:c2:b8:<br>
27:89:a5:80:56:36:72:19:8b:9a:dd:e5:e2:22:60:<br>
53:96:f9:4d:c0:f1:c6:06:5f:1b:95:de:b7:8e:d2:<br>
ef:e8:ff:84:81:73:45:c9:a5:52:6d:af:8e:6a:16:<br>
bf:23:97:66:5e:d8:1f:0e:e9:1b:d3:03:e3:cd:4c:<br>
02:2f:68:f0:a5:70:a3:90:f5:19:8d:f5:6b:d1:87:<br>
e7:82:39:f9:09:1b:ee:56:f9<br> Exponent: 65537 (0x10001)<br>
X509v3 extensions:<br> X509v3 Subject Key Identifier:
<br>
2F:D9:17:38:F0:9E:03:2C:57:E5:FF:20:24:BC:F1:AA:2C:35:AB:D5<br>
X509v3 Authority Key Identifier: <br>
keyid:2F:D9:17:38:F0:9E:03:2C:57:E5:FF:20:24:BC:F1:AA:2C:35:AB:D5<br><br>
X509v3 Basic Constraints: <br> CA:TRUE<br>
Signature Algorithm: sha1WithRSAEncryption<br>
5d:5c:c0:10:c3:60:10:c5:d4:30:cf:90:41:32:d9:73:1f:03:<br>
66:a5:3b:ca:e2:99:2f:89:10:0e:4d:d6:b3:1d:97:ae:0a:54:<br>
46:0b:a8:51:02:97:c6:41:32:16:db:7c:77:28:e8:df:73:70:<br>
a0:01:73:b6:84:90:b5:a8:b7:54:53:7d:a9:cd:81:33:35:6d:<br>
58:5e:ba:e2:7d:34:7a:32:c9:fd:4f:07:18:75:a7:53:3d:61:<br>
1b:98:7a:e6:92:5b:74:39:e1:ab:b2:6a:51:4a:56:c5:99:1e:<br>
d7:7a:7a:b6:32:e8:ca:f2:33:bc:3f:d5:3c:3f:87:2a:9f:ab:<br> 37:c8<br><br><br></div></div></blockquote>
<br>
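<div>Added example, not code from either poster or from OpenSSL: a C check on the raw key bytes that shows why a PEM file cannot be handed directly to d2i_RSAPrivateKey(), which decodes a DER-encoded PKCS#1 RSAPrivateKey. It goes one step past the PEM/DER point in the reply by also telling PKCS#1 from PKCS#8 inside DER; classify_key, key_encoding and d2i_rsa_private_key_applies are hypothetical names, and the byte arrays are constructed prefixes, not real keys.</div>

```c
#include <stdio.h>
#include <string.h>

/* Encodings a private-key buffer may arrive in (enum names are this example's own). */
typedef enum { KEY_PEM_PKCS1_RSA, KEY_PEM_PKCS8, KEY_PEM_OTHER,
               KEY_DER_PKCS1_RSA, KEY_DER_PKCS8, KEY_UNKNOWN } key_encoding;

static int has_prefix(const unsigned char *buf, size_t len, const char *prefix)
{
    size_t n = strlen(prefix);
    return len >= n && memcmp(buf, prefix, n) == 0;
}

key_encoding classify_key(const unsigned char *buf, size_t len)
{
    /* PEM is text: a "-----BEGIN ...-----" line, then base64 of the DER bytes. */
    if (has_prefix(buf, len, "-----BEGIN RSA PRIVATE KEY-----")) return KEY_PEM_PKCS1_RSA;
    if (has_prefix(buf, len, "-----BEGIN PRIVATE KEY-----")) return KEY_PEM_PKCS8;
    if (has_prefix(buf, len, "-----BEGIN ")) return KEY_PEM_OTHER;
    /* DER is binary: outer SEQUENCE tag 0x30, then a short- or long-form length. */
    if (len < 2 || buf[0] != 0x30) return KEY_UNKNOWN;
    size_t pos = 2;
    if (buf[1] & 0x80) {
        size_t nlen = buf[1] & 0x7f;          /* number of length octets */
        if (nlen == 0 || nlen > 4) return KEY_UNKNOWN;
        pos += nlen;
    }
    /* PKCS#1 (two-prime) and PKCS#8 both open with INTEGER 0: 02 01 00. */
    if (len < pos + 4 || buf[pos] != 0x02 || buf[pos + 1] != 0x01 || buf[pos + 2] != 0x00)
        return KEY_UNKNOWN;
    if (buf[pos + 3] == 0x02) return KEY_DER_PKCS1_RSA;  /* next field: INTEGER modulus */
    if (buf[pos + 3] == 0x30) return KEY_DER_PKCS8;      /* next field: AlgorithmIdentifier */
    return KEY_UNKNOWN;
}

/* Hypothetical helper: d2i_RSAPrivateKey() applies to DER PKCS#1 input only. */
int d2i_rsa_private_key_applies(key_encoding e) { return e == KEY_DER_PKCS1_RSA; }

int main(void)
{
    /* Constructed samples: only the leading bytes of each encoding, not real keys. */
    const unsigned char pem[] = "-----BEGIN PRIVATE KEY-----\nMIIC...";
    const unsigned char der1[] = { 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81 };
    const unsigned char der8[] = { 0x30, 0x82, 0x02, 0x76, 0x02, 0x01, 0x00, 0x30, 0x0d };
    printf("pem:  %d\n", d2i_rsa_private_key_applies(classify_key(pem, sizeof pem - 1)));
    printf("der1: %d\n", d2i_rsa_private_key_applies(classify_key(der1, sizeof der1)));
    printf("der8: %d\n", d2i_rsa_private_key_applies(classify_key(der8, sizeof der8)));
    return 0;
}
```

<div>For input classified as PEM, the PEM_read_PrivateKey() and PEM_read_bio_PrivateKey() calls named in the reply are the readers that apply.</div>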
</body></html>